Phantoms of Fancy Widget — How hard (easy) it is to steal an Android app
Hi Guys,
First off, for Fancy Widget (FW) fans, the new FW is on track, and you guys won't be disappointed when it comes out, so stay tuned!
However, this post is not mainly about the new FW, but somehow related to the departed one. Clearly after FW was pulled off from the Android Market, it still lives on many of our fans' phones. But as we recently found out, it also "lives" in another rather obscure form in the market. It turns out that some guy apparently took the FW's code base, changed some image resources, tweaked the layout and texts a bit, rebranded and republished it on the market as multiple themed versions (and charging for it in some cases!), without even providing any attribution or giving any credit to FW. So there are still lots of "phantom" FWs floating around in different forms on the official Android Market, and the number is still growing as we write...
How is this possible, you may ask? Well, with easy-to-use tools specifically designed for reengineering Android application packages, it won't be too much of a challenge. With the right tool, one can decode resources to nearly original form and rebuild them after making modifications with just a few clicks or commands. Those tools were initially created with good intentions and purposes, but they can also be abused. For this particular case that we found out, we have hard evidence of what the author did, so it's not just speculation on our part. It is, however, much harder to do something similar on other platforms such as the iOS.
What struck us most is not that Fancy Widget got literally ripped off, but the fact that reengineering almost any Android app and rebranding/repackaging it (for profit!) is just SO EASY (even a caveman can do it), and it could totally go under the radar if more care is taken during the process. This would be a huge bump for us fellow Android developers, and Google's new app licensing schemes won't help in this case either. Without system-level support, we could foresee lots of similar occurrences in the future. If that becomes the reality (if not already), it will be detrimental to the Android ecosystem as a whole, and here's why:
- For users, the user experience for most (if not all) phantom apps would suck since they are more likely to be published by incompetent/lazy devs that either can't or won't bother to implement their own features, let alone improving and actively maintaining the apps.
- For developers, phantom apps will be a problem worse than piracy. Because pirated apps, although prevalent to some extent, can't be distributed through legit channels such as the Android Market, while the phantom apps could be published and thus competing head to head with the original ones in the same arena.
- For the Android platform, the average quality of apps on the market will be dragged down dramatically by the huge influx of phantom apps.
So what's our take on this? Our conclusion is it's pretty hard on our side to prevent this from happening, and we'd rather spend our time on improving FW. We are still going to release Fancy Widget with totally new design and exciting new features. After all, fans loved the original Fancy Widget not only because of the look and feel (salute to HTC's design team!) but also the extra features that we added in. So guys, again, stay tuned, the new Fancy Widget is on the way!
-- Android Does
P.S. For those of you who are interested in the origin of Fancy Widget: the project started simply because one of the developers was switching his phone from an HTC Hero to the original Droid (thanks to Google for giving out free dev phones), and he missed the old Sense flip clock on the Hero. Then it all started from there. We built it because we liked it, and we released it for free (w/o ads!) to everyone that has similar needs. We consider it an organic idea, although someone may not agree on that. 
Update: One of the authors of the infringing apps/widgets has responded to us and started taking off those apps. But as some of the commenters pointed out, similar issues could happen again and again, and this is definitely worth some attention for the benefit of the entire Android platform.
September 11th, 2010 - 01:04
Baby get real ! Both reverse engineering and re engineering are legal ! So, stop whining !
September 11th, 2010 - 01:42
Whining or not, we are not talking about legal issues here.
It’s about the Android system. It’s worth attention not because some guy stole our code, but because this could hurt the entire Android ecosystem.
September 11th, 2010 - 10:10
Did you submit a DMCA takedown request?
September 11th, 2010 - 02:15
@”Think about it”: While reverse engineering may be legal, decompiling an application and then using the obtained source code in another program is clearly copyright infringement
Regular Java applications share the same problem, btw.
Will you obfuscate the code of your next release?
September 11th, 2010 - 02:54
Even if we obfuscate the Java source code, the resource XML files can still be decoded and manipulated. It is difficult to stop such rebranded phantom apps.
September 11th, 2010 - 05:58
Mother fucker. I can’t believe this is possible.
September 11th, 2010 - 07:38
This is an unfortunate truth of Java. Thats why high-score web games don’t use Java applets anymore (one of the reasons). You can’t trust the client.
September 11th, 2010 - 08:32
I suppose new phantom apps can appear as fast as you can put in a copyright claim, so maybe Google should be more restrictive of who it allows to submit paid apps. They might require someone to have at least one highly-rated free app first. Yet, they probably do not want to be as exclusive as the Apple store, and adding crippling copy protection to all apps truly defeats the purpose of having a Linux-based phone.
Undoubtedly, open-source (commercial) apps should be able to thrive. As Google works to add search to the market, they really need to incorporate a proper rating system. Cheesy apps or knock-offs could be downvoted into oblivion. Generally, user ratings would be quicker if not more honest than any kind of quality assurance team.
No matter how hard you make it to reverse engineer your app, it probably cannot be stopped. If restrictions / protections are to be added, they should affect your user the least. It’s better to keep the app market engaging and open. Users should be able to do something about it when they’ve been duped. Traditionally, a lot of users were burned once, then been hesitant to trust what shows up in the store on future app purchases.
September 11th, 2010 - 08:51
I don’t see it as a major issue down the road. Think of the kirf industry in electronics. In the online world direct copying is the sincerest form of flattery. The end user knows the difference and will almost always choose the original and most superior product. If you’re going to drop money on an app you want the best.
September 11th, 2010 - 11:10
That’s why we are focusing adding/improving features right now.
On a side note, don’t you think it’ll be a bad thing for everyone if the Android Market is plagued with “phantom” apps?
September 11th, 2010 - 11:10
This is a problem with every OS, every application, ever. Period. Apple tries to lock things down, but it’s still possible to pirate iOS apps. There is no way to prevent this and locking down Android isn’t going to solve it, it’s just going to destroy Android’s principles.
I don’t know what you want Fred, but it’s not practical or going to solve anything.
September 11th, 2010 - 11:25
It is true that other platforms also have piracy issues. But to pirate/crack an app is different from rebranding an app, claiming full credit of it, and selling it as if it is yours.
September 11th, 2010 - 17:28
We want to raise everybody’s attention on this issue, this is definitely not a “good feature” Android could offer as compared to other competing platforms
September 11th, 2010 - 17:54
Obviously, if you contact Google, they’ll remove the application, but like I said, this could happen anywhere that there isn’t a single company controlling a single entry point to the OS. Even if you get it removed from the Market, you can download the pirated apk somewhere else anyway.
If Microsoft gets Visual Studio pulled from free-downloads.com, it just pops up on the The Pirate Bay. The only platform that has the potential to stop this is Apple’s because they limit what gets on the Market. Are you really advocating for Google to control the Market and platform like Apple is?
If they did, you wouldn’t be able to sell, produce or distribute your application because it violates many of Apple’s app rules already.
My point is, what exactly do you want or expect?
September 11th, 2010 - 18:31
There are many possible solutions to this problem, any solution will be better than what it is now. It not necessarily have to be tight control on the Market from Google, this issue should be easier to fix if google provided some obfuscation features in their build tools. or if they do want to do it on their server side, they could maintain the DB of submitted apps’ bytecodes, and automatically checks the “level of similarity” of newly submitted apps (similar to some plagiarism software used in academia to check similarity of publications). If high similarity is found, it can raise a flag to the devs so that the devs could decide what to do next. This won’t make the Market as tightly controlled as Apple’s App Store.
September 11th, 2010 - 23:53
I agree completely. I just wanted to make sure that you were advocating for such a, what I would call, middle ground. I think those kinds of tools would be highly useful and I’d love to see Google implement those as part of the upgraded Market that they’re launching soon(ish). I think a serious look at the UI and Market could put them in a unique spot to not only dominate the market, but also the combined usability and openness. I just hope they have the UX resources on top of the pure engineering resources.
Thanks for your comments Fred.
September 11th, 2010 - 13:50
Interesting accusation…because the only lookalike widgets I can see on the market all predate yours.
September 11th, 2010 - 17:18
Those are not the ones we are talking about here, the ones that we are referring to were just put on the Market since early Sep.
September 11th, 2010 - 20:32
I realise which ones you’re referring to…it’s just that when you sort results by newest (AndroidZoom.com) there’s nothing that looks like yours and was only released recently! There are the numerous new themes for “Weather & Toggle Widget” but the actual widget was released over a year ago.
September 12th, 2010 - 10:59
The phantoms of FW do not look like ours at first sight as they are themed. The screenshots from the market do not reveal the similarity. But if you take a closer look after installing any of them, the config screen is almost the same, except that the copyright information has been modified.
September 12th, 2010 - 07:52
Pretty cool, thanks!
September 15th, 2010 - 11:16
What’s the “original droid“?
September 17th, 2010 - 01:46
Motorola Droid A855 (aka Milestone)
September 15th, 2010 - 12:38
So are you talking about the “Weather & toggle widget” from lock2.0? What about the Beautiful Widgets don’t they infringe too? Does HTC have the rights to the IP for everything? It honestly looks like a big legal mess with so many versions of the same thing…
September 17th, 2010 - 01:50
This post refers to neither Weather & Toggle Widgets nor Beautiful Widgets. Both apps have been around for a long time. HTC has copyright on their design of the HTC widgets, however they do not have copyright on clock and weather widgets in general.
September 23rd, 2010 - 15:35
I’m hella mad. I was looking 4 da app bcuz I had to replace my fone bcuz my cuzzin broke da charger piece & now I can’t even DL da app! And daa rip_off version wants me to pay for a once free app?! Fk naw! Id slap da $#!+ out dat n!gg@. Ugh I’m too pissed off rite now
October 2nd, 2010 - 10:17
Could you make it work with devices which got their LCD Density changed? I’d like to use 200 dpi or even 180 dpi instead of 240 (HTC Desire, LauncherPro Plus).
If you change the LCD Density, this widget’s background doesn’t scale properly and looks bad.
October 10th, 2010 - 10:32
So you are only complaining they stole you code but you do not see anything wrong with stealing HTC’s designs? A bit hypocritical if you ask me. Just because it’s layout and graphics doesn’t mean it’s not the same thing. If your clock widget was an original design code/graphics/layout then I could see complaining .. in this instance .. not so much.
October 14th, 2010 - 06:15
I really like this widget. I hope you are considering adding the flip clock functionality that is on the new HTC Desire HD and Z, the fact that it actually flips down looks really sweet. Regards
October 23rd, 2010 - 11:19
I keep a copy of the orignal fw because if you use another launcher on your htc phone you can’t use htc widgets.
November 26th, 2010 - 08:23
Think about it – Go fuck your mother you cunt!
January 24th, 2011 - 21:33
The next time I read a blog, I really hope it does not dissatisfy me as much as this one. I mean, I know it had been my choice to study, however We really believed youd have something fascinating to express. All I listen to is a couple of whining about something that you could fix if you werent too busy searching for attention.
February 4th, 2011 - 11:52
Excellent Stuff Here!!
April 1st, 2011 - 12:26
How could I have missed this blog! Its . Your design is beautiful, its like you know exactly what to do in order to make people flock to your blog! I also like the perspective you brought to this subject. Its like you have an insight that most people havent seen before. I love to read a blog like this.
May 15th, 2011 - 18:56
excellent stuff
really enjoyed this post, i will read a little more in your site soon after i’m done with work! 